From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 14 Jun 2019 12:16:59 +0000 (+0200)
Subject: cache: do not populate the cache in case of flush ruleset command
X-Git-Tag: v0.9.1~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc5372b6e8448549a770f9d09477fd2a9207d69c;p=thirdparty%2Fnftables.git

cache: do not populate the cache in case of flush ruleset command

__CMD_FLUSH_RULESET is a dummy definition that used to skip the netlink
dump to populate the cache. This patch is a workaround until we have a
better infrastructure to track the state of the cache objects.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/include/rule.h b/include/rule.h
index dd9df9ec..b41825d0 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -462,6 +462,7 @@ enum cmd_ops {
 	CMD_EXPORT,
 	CMD_MONITOR,
 	CMD_DESCRIBE,
+	__CMD_FLUSH_RULESET,
 };
 
 /**
diff --git a/src/cache.c b/src/cache.c
index 532ef425..d7153f6f 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -54,6 +54,9 @@ static unsigned int evaluate_cache_flush(struct cmd *cmd)
 	unsigned int completeness = CMD_INVALID;
 
 	switch (cmd->obj) {
+	case CMD_OBJ_RULESET:
+		completeness = __CMD_FLUSH_RULESET;
+		break;
 	case CMD_OBJ_SET:
 	case CMD_OBJ_MAP:
 	case CMD_OBJ_METER:
diff --git a/src/rule.c b/src/rule.c
index 8de5aa62..0c0fd07e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -210,6 +210,9 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd)
 	};
 	int ret;
 
+	if (cmd == __CMD_FLUSH_RULESET)
+		return 0;
+
 	ret = cache_init_tables(ctx, &handle, &ctx->nft->cache);
 	if (ret < 0)
 		return ret;